v/vlib/os at e465f7490c13b59a4c275c5f47967cbc8e2d66a5 - mirrors/v

mirrors/v

mirror of https://github.com/vlang/v.git synced 2025-09-13 14:32:26 +03:00

History

Turiiya e465f7490c tests: cleanup legacy temp path (#19716 )		2023-10-31 15:16:19 +02:00
..
bare
cmdline
filelock	vfmt: change all '$expr' to '${expr}' (#16428 )	2022-11-15 16:53:13 +03:00
font	all: 2023 copyright	2023-03-28 22:55:57 +02:00
notify	all: make all `struct C.XYZ` -> `pub struct C.XYZ` (#19651 )	2023-10-25 15:01:50 +03:00
args.v	all: 2023 copyright	2023-03-28 22:55:57 +02:00
const.v
const_nix.c.v
const_windows.c.v	checker: check int overflow for const vars (#16332 )	2022-11-06 08:22:28 +03:00
debugger_darwin.c.v	os: add `#include <sys/types.h>` to `debugger_darwin.c.v`, to fix bootstrapping on macOS <= 11 (#17446 )	2023-03-01 00:06:12 +02:00
debugger_default.c.v	os: move `pub fn debugger_present() bool{` to platform-specific files (better ptrace portability handling) (#17373 )	2023-02-21 10:55:03 +02:00
debugger_freebsd.c.v	ci: fix bootstrapping on macos/freebsd etc	2023-02-21 12:30:35 +02:00
debugger_linux.c.v	ci: fix bootstrapping on macos/freebsd etc	2023-02-21 12:30:35 +02:00
debugger_windows.c.v	ci: fix bootstrapping on macos/freebsd etc	2023-02-21 12:30:35 +02:00
dir_expansions_test.v	vfmt: change all '$expr' to '${expr}' (#16428 )	2022-11-15 16:53:13 +03:00
environment.c.v	vlib: update doc comments (#19231 )	2023-08-30 08:50:00 +03:00
environment.js.v	vlib: update doc comments (#19231 )	2023-08-30 08:50:00 +03:00
environment_test.v	vfmt: change all '$expr' to '${expr}' (#16428 )	2022-11-15 16:53:13 +03:00
fd.c.v
file.c.v	all: fix typos (#19634 )	2023-10-23 21:21:15 +03:00
file.js.v	all: remove unnecessary IError() casts	2022-10-28 19:08:30 +03:00
file_test.v	tests: cleanup legacy temp path (#19716 )	2023-10-31 15:16:19 +02:00
filepath.v	all: fix typos (#19634 )	2023-10-23 21:21:15 +03:00
filepath_test.v	vfmt: change all '$expr' to '${expr}' (#16428 )	2022-11-15 16:53:13 +03:00
filepath_windows.v
find_abs_path_of_executable_test.v	tests: cleanup legacy temp path (#19716 )	2023-10-31 15:16:19 +02:00
glob_test.v
inode.c.v	all: 2023 copyright	2023-03-28 22:55:57 +02:00
inode_test.v	tests: cleanup legacy temp path (#19716 )	2023-10-31 15:16:19 +02:00
open_uri_default.c.v	vlib: update doc comments (#19231 )	2023-08-30 08:50:00 +03:00
open_uri_windows.c.v	vlib: update doc comments (#19231 )	2023-08-30 08:50:00 +03:00
os.c.v	all: fix typos (#19634 )	2023-10-23 21:21:15 +03:00
os.js.v	os: cleanup APIs returning `!bool` to either return `!` or `bool` (#16111 )	2022-10-20 13:56:06 +03:00
os.v	all: fix typos (#19634 )	2023-10-23 21:21:15 +03:00
os_android_outside_termux.c.v	all: make all `struct C.XYZ` -> `pub struct C.XYZ` (#19651 )	2023-10-25 15:01:50 +03:00
os_darwin.c.v	all: 2023 copyright	2023-03-28 22:55:57 +02:00
os_js.js.v	os: return the long path for os.temp_dir() on windows, even for folders like `c:\someth~1` (#17623 )	2023-03-14 00:51:52 +02:00
os_linux.c.v	all: 2023 copyright	2023-03-28 22:55:57 +02:00
os_nix.c.v	checker: disallow struct int to ptr outside unsafe (#17923 )	2023-04-13 07:38:21 +02:00
os_structs_dirent_default.c.v	all: make all `struct C.XYZ` -> `pub struct C.XYZ` (#19651 )	2023-10-25 15:01:50 +03:00
os_structs_sigaction_default.c.v	all: make all `struct C.XYZ` -> `pub struct C.XYZ` (#19651 )	2023-10-25 15:01:50 +03:00
os_structs_stat_default.c.v	all: make all `struct C.XYZ` -> `pub struct C.XYZ` (#19651 )	2023-10-25 15:01:50 +03:00
os_structs_stat_linux.c.v	all: make all `struct C.XYZ` -> `pub struct C.XYZ` (#19651 )	2023-10-25 15:01:50 +03:00
os_structs_utsname_default.c.v	all: make all `struct C.XYZ` -> `pub struct C.XYZ` (#19651 )	2023-10-25 15:01:50 +03:00
os_test.v	tests: cleanup legacy temp path (#19716 )	2023-10-31 15:16:19 +02:00
os_windows.c.v	all: make all `struct C.XYZ` -> `pub struct C.XYZ` (#19651 )	2023-10-25 15:01:50 +03:00
password_nix.c.v	os,term.termios: add termios.set_state/2, state.disable_echo/0, use them in os.input_password, to fix `v -os wasm32_emscripten examples/2048/`	2023-07-31 10:28:45 +03:00
password_windows.c.v	clipboard: fix `v -cstrict -cc gcc vlib/clipboard/clipboard_test.v`	2023-10-15 21:21:29 +03:00
process.c.v	vfmt: change all '$expr' to '${expr}' (#16428 )	2022-11-15 16:53:13 +03:00
process.js.v	vfmt: change all '$expr' to '${expr}' (#16428 )	2022-11-15 16:53:13 +03:00
process.v	os: implement Process.set_work_folder/0 to set the initial working folder of the new child process (#17946 )	2023-04-13 14:48:32 +03:00
process_nix.c.v	all: fix typos (#19634 )	2023-10-23 21:21:15 +03:00
process_test.v	tests: cleanup legacy temp path (#19716 )	2023-10-31 15:16:19 +02:00
process_windows.c.v	ci: vfmt vlib/os/process_windows.c.v and vlib/os/os.c.v	2023-10-16 01:48:35 +03:00
README.md	os: update TOCTOU example in readme, to improve readability of the module docs on mobile (#19255 )	2023-09-01 16:09:04 +03:00
signal.c.v	os: add a convenient way to ignore certain system signals (#19639 )	2023-10-25 17:15:26 +03:00
signal.js.v	os: return the long path for os.temp_dir() on windows, even for folders like `c:\someth~1` (#17623 )	2023-03-14 00:51:52 +02:00
signal.v	Revert "os: add a convenient way to ignore certain system signals (#19632 )" (#19637 )	2023-10-24 03:06:57 +03:00
signal_darwin.c.v	os: add a convenient way to ignore certain system signals (#19639 )	2023-10-25 17:15:26 +03:00
signal_default.c.v	ci: fix bootstrapping of signal_default.c.v on macos	2023-10-25 22:26:52 +03:00
signal_test.v	os: add a convenient way to ignore certain system signals (#19639 )	2023-10-25 17:15:26 +03:00
signal_windows.c.v	os: add a convenient way to ignore certain system signals (#19639 )	2023-10-25 17:15:26 +03:00

README.md

Description:

os provides common OS/platform independent functions for accessing command line arguments, reading/writing files, listing folders, handling processes etc.

A few os module functions can lead to the TOCTOU vulnerability if used incorrectly. TOCTOU (Time-of-Check-to-Time-of-Use problem) can occur when a file, folder or similar is checked for certain specifications (e.g. read, write permissions) and a change is made afterwards. In the time between the initial check and the edit, an attacker can then cause damage. The following example shows an attack strategy on the left and an improved variant on the right so that TOCTOU is no longer possible.

Example Hint: os.create() opens a file in write-only mode

Possibility for TOCTOU attack TOCTOU not possible

if os.is_writable("file") {
    // time to make a quick attack
    // (e.g. symlink /etc/passwd to `file`)

    mut f := os.create('path/to/file')!
    // do something with file
    f.close()
}

mut f := os.create('path/to/file') or {
    println("file not writable")
}

// file is locked
// do something with file

f.close()

Proven affected functions
The following functions should be used with care and only when used correctly.

os.is_readable()
os.is_writable()
os.is_executable()
os.is_link()

README.md

Description:

Security advice related to TOCTOU attacks